But upon attempting to deploy the application, I get the following error:

Caused by: org.picketlink.idm.IdentityManagementException: The store does not support type [class org.picketlink.idm.model.basic.User]. The attribute mapping must provide a String-based field to reference instances of this type.

at org.picketlink.idm.jpa.internal.JPAIdentityStore.getAttributeMapper(JPAIdentityStore.java:1433)

at org.picketlink.idm.jpa.internal.JPAIdentityStore.getAttributes(JPAIdentityStore.java:1266)

at org.picketlink.idm.jpa.internal.JPAIdentityStore.loadAttributes(JPAIdentityStore.java:386)

at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:193)

I see. After looking at your configuration I've noticed that you may be using the wrong entity to map ad-hoc attributes. That is what that exception message is telling you.

Considering that you are using different identity stores to store different types, and also using the JPA store to support ad-hoc attributes (supportAttributes config) you need to map the corresponding entity [1] to just have a reference to a specific instante of a type (eg.: john user).

I've created a new quickstart [2] based on your use case. Hope it helps.

Thanks, Pedro, that's extremely helpful. As a newcomer to PicketLink, one of the things I've found most difficult is understanding what I actually need to implement myself and what can be achieved through configuration where PicketLink will auto-magically sort it all out. Now that I have a working example it shouldn't be too difficult to fit the pieces together.